julian at jlbprof.com
Tue Jan 8 12:50:21 CST 2013
Please forgive my noobness.
I am new to Volatility and just viewed a discussion on memory
acquisition problems and the malware removing itself from the memory
before it was written to file for later analysis.
Does malware such as Rustock.C leave any traces behind such as portions
of the program used to "remove" itself from memory but cannot completely
Of if not, how do the researchers know it was present? Did they do a
controlled infection and watch it remove itself by other means?
More information about the Vol-users